* [GIT PULL] nilfs2 changes for 7.1-rc1
@ 2026-04-10 22:09 Viacheslav Dubeyko
2026-04-14 0:29 ` pr-tracker-bot
0 siblings, 1 reply; 2+ messages in thread
From: Viacheslav Dubeyko @ 2026-04-10 22:09 UTC (permalink / raw)
To: torvalds
Cc: linux-nilfs, linux-fsdevel, linux-kernel, konishi.ryusuke,
Kartikey406, Slava.Dubeyko
Hello Linus,
This pull request contains fixes of syzbot reported issues in
NILFS2 functionality.
The DAT inode's btree node cache (i_assoc_inode) is initialized lazily
during btree operations. However, nilfs_mdt_save_to_shadow_map()
assumes i_assoc_inode is already initialized when copying dirty pages
to the shadow map during GC. If NILFS_IOCTL_CLEAN_SEGMENTS is called
immediately after mount before any btree operation has occurred on
the DAT inode, i_assoc_inode is NULL leading to a general protection
fault. Deepanshu Kartikey has fixed this by calling
nilfs_attach_btree_node_cache() on the DAT inode in nilfs_dat_read()
at mount time, ensuring i_assoc_inode is always initialized before
any GC operation can use it.
nilfs_ioctl_mark_blocks_dirty() uses bd_oblocknr to detect dead blocks
by comparing it with the current block number bd_blocknr. If they
differ, the block is considered dead and skipped. A corrupted ioctl
request with bd_oblocknr set to 0 causes the comparison to incorrectly
match when the lookup returns -ENOENT and sets bd_blocknr to 0,
bypassing the dead block check and calling nilfs_bmap_mark() on a non-
existent block. This causes nilfs_btree_do_lookup() to return -ENOENT,
triggering the WARN_ON(ret == -ENOENT). Deepanshu Kartikey has fixed
this by rejecting ioctl requests with bd_oblocknr set to 0 at the
beginning of each iteration.
The following changes since commit
6de23f81a5e08be8fbf5e8d7e9febc72a5b5f27f:
Linux 7.0-rc1 (2026-02-22 13:18:59 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/vdubeyko/nilfs2.git
tags/nilfs2-v7.1-tag1
for you to fetch changes up to
be3e5d10643d3be1cbac9d9939f220a99253f980:
nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()
(2026-03-31 11:05:55 -0700)
----------------------------------------------------------------
nilfs2 updates for v7.1
- nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()
- nilfs2: fix NULL i_assoc_inode dereference in
nilfs_mdt_save_to_shadow_map
----------------------------------------------------------------
Deepanshu Kartikey (2):
nilfs2: fix NULL i_assoc_inode dereference in
nilfs_mdt_save_to_shadow_map
nilfs2: reject zero bd_oblocknr in
nilfs_ioctl_mark_blocks_dirty()
fs/nilfs2/dat.c | 3 +++
fs/nilfs2/ioctl.c | 6 ++++++
2 files changed, 9 insertions(+)
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [GIT PULL] nilfs2 changes for 7.1-rc1
2026-04-10 22:09 [GIT PULL] nilfs2 changes for 7.1-rc1 Viacheslav Dubeyko
@ 2026-04-14 0:29 ` pr-tracker-bot
0 siblings, 0 replies; 2+ messages in thread
From: pr-tracker-bot @ 2026-04-14 0:29 UTC (permalink / raw)
To: Viacheslav Dubeyko
Cc: torvalds, linux-nilfs, linux-fsdevel, linux-kernel,
konishi.ryusuke, Kartikey406, Slava.Dubeyko
The pull request you sent on Fri, 10 Apr 2026 15:09:55 -0700:
> git://git.kernel.org/pub/scm/linux/kernel/git/vdubeyko/nilfs2.git tags/nilfs2-v7.1-tag1
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/f2729827aefffe333e9d92ffd49bef4e35c2c22d
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-04-14 0:30 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-10 22:09 [GIT PULL] nilfs2 changes for 7.1-rc1 Viacheslav Dubeyko
2026-04-14 0:29 ` pr-tracker-bot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox